2© 2009 SWITCH AAI OpCom - Sept 2009
Lunch
Agenda– AAI status update– Shibboleth 2 Migration– News about the Resource Registry– Update on IdP Best Current Practices– Update for the Attribute Specification– AAA idea : Windows SSO for IdP AuthN
Thomas Lenggenhager
Lukas HämmerleHalm Reusser + reviewersChad La JoieMichael Hausherr
– GÉANT3: eduGAIN & Inter-Federation– Bilateral Configurations across Federation Boundaries– N-tier/Web Portal Use Cases
Thomas LenggenhagerLukas HämmerleChad La Joie
Coffee Break
Thomas LenggenhagerChad La JoieLukas HämmerleLukas Hämmerle
– Virtual Organization Platform & Library Use Case– Shibboleth meets Buzzwords– Persistent ID and its use for account checking– AAI passwords as attribute for special use cases
10:10 –11:20
11:30 –12:15
15:10 –16:45
13:50 –14:50
Slides at http://www.switch.ch/aai/events/opcom-200909/
4© 2009 SWITCH AAI OpCom - Sept 2009
Growth of the SWITCHaai Federation
2004 2005 2006 2007 2008 2009/Q3
5© 2009 SWITCH AAI OpCom - Sept 2009
New IdPs in 2009
6© 2009 SWITCH AAI OpCom - Sept 2009
SWITCHaai Federation in Autumn 2009
# AAI enabled accounts # Resources
# Home Organizations
>95% coverage inhigher education
7© 2009 SWITCH AAI OpCom - Sept 2009
Usage Statistics from the Discovery Service
• Central Discovery Service operated by SWITCH Two redundant servers
one in Zurich one in Lausanne
• Two mechanisms Classic: well known drop down list Embedded: customizable for own resources
• Currently the only practicable way to collect some federation-wide usage data.• On the basis of both DS server logs, an approximation is possible.
• Remarks Some resources use their own discovery mechanism
and are therefore not included in these statistics. OLAT uses embedded WAYF since mid August 2009.
8© 2009 SWITCH AAI OpCom - Sept 2009
Discovery Log from Sept 2008 to August 2009 (1Y)
Total number of resource accesses through the discovery service:4'502'924
Average resource accesses: 12'336 per day 514 per hour 1 every 7 seconds
Most busy day: Thursday, 11.9.2008 – 39'563 resource accesses Least busy day: Sunday, 11.1.2009 – 4 resource accesses
SAML 213.5 %
9© 2009 SWITCH AAI OpCom - Sept 2009
Top 15 Home Orgs on the Discovery Service
10© 2009 SWITCH AAI OpCom - Sept 2009
Top 15 Resources on the Discovery Service
11© 2009 SWITCH AAI OpCom - Sept 2009
Extending the Federation
• Guidelines as approved by SWITCH Executive Committee SWITCH Community remains the core of SWITCHaai Extension towards «Education System» These institutions will operate IdPs and SPs
Others will still be able to join as Federation Partners These institutions operate SPs
12© 2009 SWITCH AAI OpCom - Sept 2009
New Federation Partner Resources
Publishers
+ Dawsonera+ Dawson Books
+ Johns Hopkins University Press+ Project MUSE (not yet ready)
+ Universitätsbibliothek Freiburg+ ReDI (not yet ready)
Others
+ Apple Sales International+ Apple Neptun Store
+ Netenviron+ Community Services (not yet ready)
+ SAGW+ InfoClio
13© 2009 SWITCH AAI OpCom - Sept 2009
IdP Hosting as a SWITCH Service?
• SWITCH offered Jump-Start for IdPs Only ZHW (now ZHAW) made use of it
• PHBern now asked for IdP Hosting as a service
• The AAI team evaluates options and costs Identity Management would remain responsibility of the institution If it looks feasible, it would become an optional service with a tariff
• Let us know if this could be of interest to you as well
14© 2009 SWITCH AAI OpCom - Sept 2009
TNC2009 Presentation: «Users are Easy»
• Project FLAME - Sponsored by JISC Federated Local Access Management Environment A series of social experiments, amongst a relatively sophisticated
group of online service users. Gained some interesting baseline measurements of the scale of the
problems we face - which won't be solved by technology alone.
• John Paschoud, London Scool of Economics http://tnc2009.terena.org/schedule/presentations/show.php?pres_id=31 Slides (PPT)
http://tnc2009.terena.org/core/getfile.php?file_id=309 Study Report (PDF)
http://tnc2009.terena.org/core/getfile.php?file_id=350 Archived Stream
http://tnc2009.terena.org/media/archive.php?stream=3B
• Really worthwhile watching the stream!